Russian Hackers Who Targeted Clinton Appear to Attack France’s Macron

Image

Emmanuel Macron, center, in Paris on Monday. A new report has heightened concerns that his presidential campaign has been targeted by Russian hacking operatives.CreditCreditPool photo by Lionel Bonaventure

The campaign of the French presidential candidate Emmanuel Macron has been targeted by what appear to be the same Russian operatives responsible for hacks of Democratic campaign officials before last year’s American presidential election, a cybersecurity firm warns in a new report.

The report has heightened concerns that Russia may turn its playbook on France in an effort to harm Mr. Macron’s candidacy and bolster that of Mr. Macron’s rival, the National Front leader Marine Le Pen, in the final weeks of the French presidential campaign.

Security researchers at the cybersecurity firm, Trend Micro, said that on March 15 they spotted a hacking group they believe to be a Russian intelligence unit turn its weapons on Mr. Macron’s campaign — sending emails to campaign officials and others with links to fake websites designed to bait them into turning over passwords.

The group began registering several decoy internet addresses last month and as recently as April 15, naming one onedrive-en-marche.fr and another mail-en-marche.fr to mimic the name of Mr. Macron’s political party, En Marche.

Those websites were registered to a block of web addresses that Trend Micro’s researchers say belong to the Russian intelligence unit they refer to as Pawn Storm, but is alternatively known as Fancy Bear, APT 28 or the Sofacy Group. American and European intelligence agencies and American private security researchers determined that the group was responsible for hacking the Democratic National Committee last year.

On Tuesday, Trend Micro’s researchers plan to release their report detailing cyberattacks in recent weeks against Mr. Macron’s campaign — as well as members of Germany’s Konrad-Adenauer Stiftung, a political foundation linked to Chancellor Angela Merkel’s political party — in what appears to be the latest Russian effort to influence political outcomes in the West.

The Kremlin scoffed at the report. Dmitri S. Peskov, the spokesman for President Vladimir V. Putin, said Monday in Moscow that “this all recalls the accusations that came from Washington and which are still suspended in thin air.” In remarks to Russian news media, he added that Russia had “never interfered” in foreign elections.

But the report’s findings gave some credence to the “strong suspicions” voiced weeks before Sunday’s voting by Mr. Macron’s digital director, Mounir Mahjoubi, that Moscow was the source of what he said had been a barrage of “highly sophisticated” efforts to gain access to the campaign’s email accounts.

Mr. Mahjoubi said in an interview Monday and earlier in April that he had no proof of a Russian role, but that the nature and timing of so-called phishing attacks and web assaults on the Macron campaign had stirred worries that Russia was repeating in France what American intelligence agencies say was a concerted effort to undermine Hillary Clinton’s campaign.

“The phishing pages we are talking about are very personalized web pages to look like the real address,” Mr. Mahjoubi added. Anyone could easily think he was logging into his own email. “They were pixel perfect,” he said Monday night. “It’s exactly the same page. That means there was talent behind it and time went into it: talent, money, experience, time and will.”

The goal was to obtain the email passwords of campaign staff members so a cyberattacker could lurk unseen inside an email account reading confidential correspondence. “If you are speed reading as you sign on, and everybody speed reads online, it’s something you might not notice,” Mr. Mahjoubi said. “For instance, it uses a hyphen instead of a dot, and if you are speed reading you don’t look at the URL.”

Unlike the attacks aimed at Mrs. Clinton’s staff, those directed at the Macron camp, Mr. Mahjoubi said, failed to gain access to any email accounts used by the candidate or his lieutenants.

This winter, the campaign’s website also came under attack. The attacks coincided with highly slanted articles about Mr. Macron on the French language services of Sputnik and RT, formerly Russia Today. Both are state-funded Russian news media outlets.

The coincidence of the hacking of the Macron campaign website, the phishing attacks and the slanted articles caused Mr. Mahjoubi to consider that there might be Russian involvement. “That was only a supposition,” he said, based on the timing.

Mr. Mahjoubi described the phishing attacks as the “invisible side” of an apparent Russian campaign to hurt Mr. Macron, while the “visible side” took the form of fake news or slanted stories in the French-language Russian media.

Russia, or at least its state-controlled media, clearly favored Ms. Le Pen, who criticized European Union sanctions imposed on Russia after it annexed Crimea in 2014 and voiced support for Moscow’s intervention in Syria to prop up President Bashar al-Assad.

The success of its cyberattacks in the United States has only bolstered the Russian hacking group’s ambitions, security researchers say.

“This is the new normal,” said Tom Kellermann, a cyberintelligence expert and the chief executive at Strategic Cyber Ventures. “Geopolitical events will now serve as harbingers for these types of attacks.”

Andrew Higgins and Alissa J. Rubin contributed reporting.

A version of this article appears in print on , on Page A9 of the New York edition with the headline: Russian Hackers Who Targeted Clinton Appear to Turn Weapons on French Race. Order Reprints | Today’s Paper | Subscribe